package com.erudika.para.security;

import com.erudika.para.Para;
import com.erudika.para.core.App;
import com.erudika.para.core.User;
import com.erudika.para.utils.Config;
import com.erudika.para.utils.filters.CORSFilter;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.crypto.MACVerifier;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.text.ParseException;
import java.util.Date;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:com/erudika/para/security/SecurityUtils.class */
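/**
 * Static helpers for reading the current Spring Security principal, clearing a session,
 * and issuing / validating HMAC-signed JWTs for an {@link App} and optionally a {@link User}.
 *
 * <p>NOTE(review): this listing looks like decompiler output (synthetic parameter names such as
 * {@code str}, and {@code CORSFilter.DEFAULT_EXPOSED_HEADERS} used where an empty string literal
 * would be expected). That constant is presumably {@code ""} - confirm against the original
 * sources before relying on the key-derivation details documented below.
 */
public final class SecurityUtils {
    private static final Logger logger = LoggerFactory.getLogger(SecurityUtils.class);

    private SecurityUtils() {
    }

    /**
     * Returns the user bound to the current security context.
     *
     * @return the authenticated user, or {@code null} if there is none
     */
    public static User getAuthenticatedUser() {
        return getAuthenticatedUser(SecurityContextHolder.getContext().getAuthentication());
    }

    /**
     * Extracts the user from an authentication object.
     *
     * @param authentication the authentication to inspect, may be {@code null}
     * @return the wrapped user, or {@code null} unless the authentication is marked authenticated
     *         and its principal is an {@link AuthenticatedUserDetails}
     */
    public static User getAuthenticatedUser(Authentication authentication) {
        if (authentication == null || !authentication.isAuthenticated()) {
            return null;
        }
        Object principal = authentication.getPrincipal();
        if (principal instanceof AuthenticatedUserDetails) {
            return ((AuthenticatedUserDetails) principal).getUser();
        }
        return null;
    }

    /**
     * Returns the app bound to the current security context.
     *
     * @return the authenticated app, or {@code null} unless the current authentication is marked
     *         authenticated and its principal is an {@link App}
     */
    public static App getAuthenticatedApp() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null || !authentication.isAuthenticated()) {
            return null;
        }
        Object principal = authentication.getPrincipal();
        return (principal instanceof App) ? (App) principal : null;
    }

    /**
     * Clears the security context and invalidates the HTTP session, if one exists.
     *
     * @param httpServletRequest the current request, may be {@code null}
     */
    public static void clearSession(HttpServletRequest httpServletRequest) {
        // The context is cleared unconditionally, even when there is no request or session.
        SecurityContextHolder.clearContext();
        if (httpServletRequest == null) {
            return;
        }
        // getSession(false): never create a session just to destroy it.
        HttpSession session = httpServletRequest.getSession(false);
        if (session != null) {
            session.invalidate();
        }
    }

    /**
     * Checks the HMAC signature and the validity window of a signed JWT.
     *
     * <p>The check fails closed: a token with no {@code exp} claim is treated as expired and a
     * token with no {@code nbf} claim is treated as not yet valid. Only the signature and the
     * {@code exp}/{@code nbf} claims are examined here; the {@code appid} and subject claims are
     * not read, so the caller must pick the secret that belongs to the app/user the token names.
     *
     * <p>NOTE(review): the listing this was taken from had no return statement on the main path
     * and its only return was {@code expired && !notYetValid}, which accepts exactly the expired
     * tokens. The return expression below is reconstructed from the two flags the listing
     * computes; confirm it against the original sources.
     *
     * @param str the shared secret used as the HMAC key
     * @param signedJWT the token to validate
     * @return {@code true} only if the signature verifies and the current time lies within
     *         the token's {@code nbf}..{@code exp} window; {@code false} otherwise, including
     *         when either argument is {@code null} or verification/parsing throws
     */
    public static boolean isValidJWToken(String str, SignedJWT signedJWT) {
        if (str == null || signedJWT == null) {
            return false;
        }
        try {
            // Signature first: claims of an unverified token must not influence the result.
            if (!signedJWT.verify(new MACVerifier(str))) {
                return false;
            }
            Date now = new Date();
            JWTClaimsSet claims = signedJWT.getJWTClaimsSet();
            Date expirationTime = claims.getExpirationTime();
            Date notBeforeTime = claims.getNotBeforeTime();
            boolean expired = expirationTime == null || expirationTime.before(now);
            boolean notYetValid = notBeforeTime == null || notBeforeTime.after(now);
            return !expired && !notYetValid;
        } catch (ParseException | JOSEException e) {
            logger.warn((String) null, e);
            return false;
        }
    }

    /**
     * Issues an app-level token that carries no subject.
     *
     * @param app the app to issue the token for
     * @return the signed token, or {@code null} if {@code app} is {@code null} or signing fails
     */
    public static SignedJWT generateSuperJWToken(App app) {
        return generateJWToken(null, app);
    }

    /**
     * Builds and signs an HS256 JWT for the given app and, optionally, user.
     *
     * <p>The HMAC key is the app secret concatenated with the user's token secret, or with
     * {@code CORSFilter.DEFAULT_EXPOSED_HEADERS} when no user is given. The claims set holds
     * {@code iat}, {@code exp}, {@code nbf}, {@code refresh}, {@code appid} and, for a user
     * token, {@code sub}.
     *
     * @param user the subject of the token, or {@code null} for an app-level token
     * @param app the issuing app
     * @return the signed token, or {@code null} if {@code app} is {@code null} or signing fails
     */
    public static SignedJWT generateJWToken(User user, App app) {
        if (app == null) {
            return null;
        }
        try {
            Date now = new Date();
            long validitySec = app.getTokenValiditySec().longValue();
            JWTClaimsSet.Builder claims = new JWTClaimsSet.Builder();
            // Key suffix for app-level tokens; presumably the empty string - TODO confirm.
            String keySuffix = CORSFilter.DEFAULT_EXPOSED_HEADERS;
            claims.issueTime(now);
            claims.expirationTime(new Date(now.getTime() + (validitySec * 1000)));
            claims.notBeforeTime(now);
            claims.claim("refresh", Long.valueOf(getNextRefresh(validitySec)));
            claims.claim("appid", app.getId());
            if (user != null) {
                claims.subject(user.getId());
                // NOTE(review): a null token secret would be concatenated as the text "null",
                // leaving the key dependent on the app secret alone - verify getTokenSecret()
                // can never return null here.
                keySuffix = user.getTokenSecret();
            }
            MACSigner signer = new MACSigner(app.getSecret() + keySuffix);
            SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), claims.build());
            signedJWT.sign(signer);
            return signedJWT;
        } catch (JOSEException e) {
            // Only the message is logged; key material never reaches the log from here.
            logger.warn("Unable to sign JWT: {}.", e.getMessage());
            return null;
        }
    }

    /**
     * Computes the timestamp written to the {@code refresh} claim.
     *
     * @param j the token validity period in seconds
     * @return epoch milliseconds of the next refresh: now plus the configured refresh interval,
     *         or now plus half the validity period when that period is shorter than two intervals
     */
    private static long getNextRefresh(long j) {
        long intervalSec = Config.JWT_REFRESH_INTERVAL_SEC.longValue();
        if (j < 2 * intervalSec) {
            intervalSec = j / 2;
        }
        return System.currentTimeMillis() + (intervalSec * 1000);
    }

    /**
     * Resolves the {@code <prefix>_app_id} / {@code <prefix>_secret} pair for an auth provider.
     *
     * <p>Values come from the global configuration and are overridden by the app's own settings
     * when the app is not the root app and defines both keys. When a request is supplied, the
     * app's {@code signin_success} / {@code signin_failure} settings are copied onto it as
     * request attributes.
     *
     * <p>The second element of the result is a secret: callers should not log or echo it.
     *
     * @param str the app identifier, may be blank
     * @param str2 the settings-key prefix; a trailing {@code Config.SEPARATOR} is removed
     * @param httpServletRequest the current request, may be {@code null}
     * @return a two-element array: {@code [0]} the app id setting, {@code [1]} the secret setting
     */
    public static String[] getCustomAuthSettings(String str, String str2, HttpServletRequest httpServletRequest) {
        String prefix = StringUtils.removeEnd(str2 + CORSFilter.DEFAULT_EXPOSED_HEADERS, Config.SEPARATOR);
        String appIdKey = prefix + "_app_id";
        String secretKey = prefix + "_secret";
        String[] result = {
            Config.getConfigParam(appIdKey, CORSFilter.DEFAULT_EXPOSED_HEADERS),
            Config.getConfigParam(secretKey, CORSFilter.DEFAULT_EXPOSED_HEADERS)
        };
        if (StringUtils.isBlank(str) || App.isRoot(str)) {
            return result;
        }
        App app = Para.getDAO().read(App.id(str));
        if (app == null) {
            return result;
        }
        Map<?, ?> settings = app.getSettings();
        // Override only when both keys are present, so id and secret always come from one source.
        if (settings.containsKey(appIdKey) && settings.containsKey(secretKey)) {
            // A key mapped to null is rendered as the text "null" by the concatenation.
            result[0] = settings.get(appIdKey) + CORSFilter.DEFAULT_EXPOSED_HEADERS;
            result[1] = settings.get(secretKey) + CORSFilter.DEFAULT_EXPOSED_HEADERS;
        }
        if (httpServletRequest != null) {
            // NOTE(review): these values are app-configurable and look like post-sign-in
            // targets - whoever consumes the attributes should validate them before redirecting.
            if (settings.containsKey("signin_success")) {
                httpServletRequest.setAttribute("AUTH_SIGNIN_SUCCESS_ATTRIBUTE", settings.get("signin_success"));
            }
            if (settings.containsKey("signin_failure")) {
                httpServletRequest.setAttribute("AUTH_SIGNIN_FAILURE_ATTRIBUTE", settings.get("signin_failure"));
            }
        }
        return result;
    }
}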
